Fs0ci3ty Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 10 |
| First Seen: | October 5, 2016 |
| Last Seen: | February 15, 2020 |
| OS(es) Affected: | Windows |
The Fs0ci3ty Ransomware is a ransomware Trojan that is branded after the organization in the popular TV show Mr. Robot. PC security analysts had observed a variant of the Fs0ci3ty Ransomware in early Summer of 2016. However, this version of the Fs0ci3ty Ransomware, released in early October of 2016, seems to be a completed, more threatening version of this ransomware Trojan. The Fs0ci3ty Ransomware may be distributed by using corrupted spam email attachments that may take the form of a corrupted Microsoft Word file (in DOC format) requiring the victim to enable Microsoft Word macros. This file, supposedly related to a system driver, installs the Fs0ci3ty Ransomware. As soon as the Fs0ci3ty Ransomware is installed, it begins encrypting the victim's files. The Fs0ci3ty Ransomware uses the file extension '.realfs0ciety@sigaint.org.fs0ciety' to identify the files it encrypts. After encrypting the victim's files, the Fs0ci3ty Ransomware drops an HTML file on the victim's desktop. This file, named 'the Fs0ci3ty.html,' contains information on how to pay the ransom.
A Ransom not Easy to be Paid
According to the Fs0ci3ty Ransomware's ransom note, victims are instructed to pay 1.5 BitCoin (currently about $900 USD) to receive the decryption key. TheFs0ci3ty Ransomware ransom note also states that the amount will increase by 1 BitCoin every 24 hours that pass without paying the ransom. Unfortunately, it is not possible to decrypt files that have been encrypted by the Fs0ci3ty Ransomware without access to the decryption key. However, this does not mean that computer users should contact the con artists responsible for this attack. The creators of these attacks may ignore their victims, even after the payment has been made. The best solution to the Fs0ci3ty Ransomware is to take preventive measures so a backup can be used to restore the files encrypted by the Fs0ci3ty Ransomware. Malware analysts strongly advise computer users to avoid contacting the people responsible for this threat attack.
The following is the full text of the Fs0ci3ty Ransomware ransom note:
Welcome To the Fs0ci3ty
realfs0ciety@sigaint.org
You Will need to make a Payment of 1.5 Bitcoins within the next 24 Hours or Ransome goes to 1 Btc more daily Your File System has been encrypted using state of the art Technology
You may already understand how this works, if you do good but if you are confused or are unaware of how this works we are hoping to be more informative with our clients.
buying bitcoins can be very hard to do, so to make this more trust worthy than most we are going to have a secure cold payment system set up that will allow us to secure bitcoins.
as well as a different wallet address per client, each user is given a unique identifier by the server that is used to track distributed keys as well wallet addresses assigned.
you can head to http://localbitcoins.com/ and create a new account in seconds flat, than go to the wallet and send 1.5 btc to the address you were given in the ransom message
you will use the bitcoin you get through local bitcoins to pay to the unique wallet we gave you the identifier in the bottom left of this page is tied to your key contact us via email
The Fs0ci3ty Ransomware and Other Ransomware Branding
The Fs0ci3ty Ransomware is branded after Fsociety, a fictional hacker society that exists in the world of the popular television show Mr. Robot. The con artists may brand their ransomware in this way, basing the attack elements on some element of pop culture. For example, in recent months PC security researchers have noted the existence of ransomware Trojans based on the Pokemon Go, Batman and the Saw movies. There is no real reason to do this, except perhaps to give each ransomware attack a unique or memorable trait. Since many of these ransomware Trojans are based on a recycled code, these branding attempts can help differentiate one ransomware attack from the next.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.